Files relevant to MettleCI
The misconfiguration of SSH-related files on the DataStage Engine on which you have MettleCI Workbench installed can give rise to various symptoms, most of which are characterised by the failure of one system to form a trusted connection with another. This page describes the SSH components relevant to MettleCI, and how those components should be configured for successful operation.
This page assumes you are running MettleCI Workbench on a Unix-based host under a user called mciworkb (link).
In the diagram above the MettleCI Agent Host (described here) stores a private key file (named client.key in the diagram above) for which the public key equivalent (e.g. client.key.pub) is stored inside the ~/.ssh/authorized_keys file of the user account you are using to execute the MettleCI Workbench - typically mciworkb. This permits SSH connection between the MettleCI Agent Host and your DataStage Engine upon which the MettleCI Workbench is running. This connection is, most notably, required when using MettleCI commands from the Remote Namespace with the privateKey option.
Similarly, your DataStage Engine will store a private key file (an example of which is created during MettleCI installation - workbench.key) in the MettleCI installation directory - typically /opt/dm/mci. The the public key equivalent (e.g. workbench.key.pub) is shared with third party systems with which your DataStage engine needs to communicate - most commonly your Git and Work Item Management platforms.
MettleCI CLI
Some MettleCI CLI commands which communicate with the DataStage Engine tier are dependent upon the correct configuration of the mciworkb user's .ssh folder and its contents.
Directory /mciworkb/.ssh
The directory /home/mciworkb/.sshshould have the following properties:
user ownership of
mciworkbgroup ownership of
dstagepermissions of
700(drwx------)
For example:
$> ls -ld /home/mciworkb/.ssh drwx------ 2 root root 144 Feb 16 14:31 .ssh
These properties can be established with the following commands:
$> chown mciworkb:dstage /home/mciworkb/.ssh # Ownership $> chmod 700 /home/mciworkb/.ssh # Permissions
Files within /mciworkb/.ssh
The directory /home/mciworkb/.sshshould contain the file authorized_keys which effectively controls inbound connections from other hosts. It contains the SSH public keys of hosts that are permitted to connect to your DataStage Engine using key-based authentication. This directory may also contain other files such as known_hosts or config which are not required for successful MettleCI operations.
The authorized_keys file should have the following properties:
user ownership of
mciworkbgroup ownership of
dstage.permissions of
600(drw-------)
This can be established with…
$> chown mciworkb:dstage /home/mciworkb/.ssh/authorized_keys # Ownership $> chmod 600 /home/mciworkb/.ssh/authorized_keys # Permissions
For example:
$> ls -ld /home/mciworkb/.ssh/authorized_keys -rw------- 1 mciworkb dstage 1167 Feb 16 14:26 .ssh/authorized_keys
Third Party Systems
SSH may also be involved in MettleCI Workbench’s communication with Work Item Management and Git platforms. In these cases you will use a SSH key pair crated created on the DataStage Engine to form this connection. The public key will be supplied to the third party system which will use this when communicating with your DataStage Engine tier. You can either use the key pair created for you by the MettleCI installation process (workbench.key / workbench.key.pub) or create your own. The process varies from tool to tool, so please see the relevant MettleCI documentation for tools relevant to you.